.gitlab-ci.yml

@@ -2,7 +2,7 @@ image: "archlinux:latest"
 
 ansible-lint:
   before_script:
-    - pacman -Syu --needed --noconfirm ansible-lint ansible
+    - pacman -Syu --needed --noconfirm ansible-lint ansible python-jmespath
   script:
     # Fix weird ansible bug: https://github.com/trailofbits/algo/issues/1637
     # This probably happens due to gitlab-runner mounting the git repo into the container

roles/arch_boxes_sync/files/arch-boxes-sync.service

@@ -6,4 +6,4 @@ Type=oneshot
 ExecStart=/usr/local/bin/arch-boxes-sync.sh
 ProtectSystem=strict
 PrivateTmp=true
-ReadWritePaths=/srv/ftp/images
+ReadWritePaths=/srv/ftp/lastupdate /srv/ftp/images

roles/arch_boxes_sync/files/arch-boxes-sync.sh

@@ -2,46 +2,72 @@
 set -o nounset -o errexit -o pipefail
 # https://docs.gitlab.com/ee/api/README.html#namespaced-path-encoding
 readonly PROJECT_ID="archlinux%2Farch-boxes"
-readonly JOB_NAME="build:secure"
 readonly ARCH_BOXES_PATH="/srv/ftp/images"
+readonly LASTUPDATE_PATH="/srv/ftp/lastupdate"
 readonly MAX_RELEASES="6" # 3 months
 
-RELEASES="$(curl --silent --show-error --fail "https://gitlab.archlinux.org/api/v4/projects/${PROJECT_ID}/releases")"
-LATEST_RELEASE_TAG="$(jq -r .[0].tag_name <<< "${RELEASES}")"
+PACKAGES="$(curl --silent --show-error --fail "https://gitlab.archlinux.org/api/v4/projects/${PROJECT_ID}/packages?per_page=1&sort=desc")"
+LATEST_VERSION="$(jq -r .[0].version <<< "${PACKAGES}")"
 
-if [[ -d ${ARCH_BOXES_PATH}/${LATEST_RELEASE_TAG} ]]; then
+if [[ -d ${ARCH_BOXES_PATH}/${LATEST_VERSION} ]]; then
   echo "Nothing to do"
   exit
 fi
-echo "Adding release: ${LATEST_RELEASE_TAG}"
+
+# The files aren't uploaded atomic, so avoid missing files by requiring every package to be at least 5 minutes old.
+if (( $(date -d "-5 min" +%s) < $(date -d "$(jq -r .[0].created_at <<< "${PACKAGES}")" +%s) )); then
+  echo "Skipping release: ${LATEST_VERSION}, too new"
+  exit
+fi
+
+echo "Adding release: ${LATEST_VERSION}"
+
+PACKAGE_ID="$(jq -r .[0].id <<< "${PACKAGES}")"
+PACKAGE_NAME="$(jq -r .[0].name <<< "${PACKAGES}")"
+PACKAGE_FILES="$(curl --silent --show-error --fail "https://gitlab.archlinux.org/api/v4/projects/${PROJECT_ID}/packages/${PACKAGE_ID}/package_files")"
 
 readonly TMPDIR="$(mktemp --directory --tmpdir="/var/tmp")"
 trap "rm -rf \"${TMPDIR}\"" EXIT
 cd "${TMPDIR}"
 
-readonly HTTP_CODE="$(curl --silent --show-error --fail --output "output.zip" --write-out "%{http_code}" "https://gitlab.archlinux.org/api/v4/projects/${PROJECT_ID}/jobs/artifacts/${LATEST_RELEASE_TAG}/download?job=${JOB_NAME}")"
-# The releases are released/tagged and then built, so the artifacts aren't necessarily ready (yet).
-if (( HTTP_CODE == 404 )); then
-  echo "Skipping release: ${LATEST_RELEASE_TAG}, artifacts not ready (404)"
-  exit
-fi
+mkdir "${LATEST_VERSION}"
+while IFS= read -r FILE; do
+  FILE_CREATED_AT="$(jq -r .created_at <<< "${FILE}")"
+  FILE_NAME="$(jq -r .file_name <<< "${FILE}")"
+  FILE_SHA256="$(jq -r .file_sha256 <<< "${FILE}")"
 
-mkdir "${LATEST_RELEASE_TAG}"
-unzip output.zip
-# People should download the vagrant images from Vagrant Cloud
-rm output/*.box{,.*}
-mv output/* "${LATEST_RELEASE_TAG}"
+  # People should download the vagrant images from Vagrant Cloud
+  if [[ $FILE_NAME =~ .*\.box(|\..*)$ ]]; then
+    continue
+  fi
 
-for FILE in "${LATEST_RELEASE_TAG}"/*; do
-  if [[ $FILE == *${LATEST_RELEASE_TAG:1}* ]]; then
-    FILE="${FILE##*/}"
-    ln -s "${FILE}" "${LATEST_RELEASE_TAG}/${FILE//-${LATEST_RELEASE_TAG:1}}"
+  curl --silent --show-error --fail --output "${LATEST_VERSION}/${FILE_NAME}" "https://gitlab.archlinux.org/api/v4/projects/${PROJECT_ID}/packages/generic/${PACKAGE_NAME}/${LATEST_VERSION}/${FILE_NAME}"
+  sha256sum --quiet -c <<< "${FILE_SHA256} ${LATEST_VERSION}/${FILE_NAME}"
+  touch --no-create --date="@$(date -d "${FILE_CREATED_AT}" +%s)" "${LATEST_VERSION}/${FILE_NAME}"
+done < <(jq -c .[] <<< "${PACKAGE_FILES}")
+
+for FILE in "${LATEST_VERSION}"/*; do
+  if [[ $FILE == *${LATEST_VERSION:1}* ]]; then
+    DEST="${FILE//-${LATEST_VERSION:1}}"
+    if [[ $FILE =~ .*\.SHA256$ ]]; then
+      sed "s/-${LATEST_VERSION:1}//" "${FILE}" > "${DEST}"
+      touch --no-create --reference="${FILE}" "${DEST}"
+    # Don't create a symlink for the .SHA256.sig file, as we break the signature by fixing the checksum file.
+    elif [[ $FILE =~ .*\.SHA256.sig$ ]]; then
+      continue
+    else
+      SYMLINK="${FILE##*/}"
+      ln -s "${SYMLINK}" "${DEST}"
+      touch --no-create --reference="${FILE}" --no-dereference "${DEST}"
+    fi
   fi
 done
 
-mv "${LATEST_RELEASE_TAG}" "${ARCH_BOXES_PATH}/"
-ln -nsf "${LATEST_RELEASE_TAG}" "${ARCH_BOXES_PATH}/latest"
+mv "${LATEST_VERSION}" "${ARCH_BOXES_PATH}/"
+ln -nsf "${LATEST_VERSION}" "${ARCH_BOXES_PATH}/latest"
 
 echo "Removing old releases"
 cd "${ARCH_BOXES_PATH}"
 comm --output-delimiter="" -3 <({ ls | grep -v latest | sort -r | head -n "${MAX_RELEASES}"; echo latest; } | sort) <(ls | sort) | tr -d '\0' | xargs --no-run-if-empty rm -rvf
+
+date +%s > "${LASTUPDATE_PATH}"

roles/archusers/tasks/main.yml

@@ -8,7 +8,7 @@
   with_dict: "{{ arch_users }}"
 
 - name: Create Arch Linux-specific users
-  user:
+  ansible.builtin.user:
     name: "{{ item.key }}"
     group: users
     groups: "{{ item.value.groups | join(',') }}"

roles/archweb/tasks/main.yml

@@ -20,28 +20,28 @@
 
 - name: Set archweb groups
   user: name=archweb groups=uwsgi
-  when: archweb_site|bool
+  when: archweb_site | bool
 
 - name: Create ssl cert
   include_role:
     name: certificate
   vars:
     domains: "{{ [archweb_domain] + archweb_alternate_domains }}"
-  when: archweb_site|bool and maintenance is not defined
+  when: archweb_site | bool and maintenance is not defined
 
 - name: Set up nginx
   template: src=nginx.d.conf.j2 dest="{{ archweb_nginx_conf }}" owner=root group=root mode=644
   notify: Reload nginx
-  when: archweb_site|bool and maintenance is not defined
+  when: archweb_site | bool and maintenance is not defined
   tags: ['nginx']
 
 - name: Make nginx log dir
   file: path=/var/log/nginx/{{ archweb_domain }} state=directory owner=root group=root mode=0755
-  when: archweb_site|bool
+  when: archweb_site | bool
 
 - name: Make rsync iso dir
   file: path={{ archweb_rsync_iso_dir }} state=directory owner=archweb group=archweb mode=0755
-  when: archweb_site|bool
+  when: archweb_site | bool
 
 - name: Clone archweb repo
   git: >
@@ -67,7 +67,7 @@
 
 - name: Create media dir
   file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_dir }}/media"
-  when: archweb_site|bool
+  when: archweb_site | bool
 
 - name: Fix home permissions
   file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_dir }}"
@@ -211,7 +211,7 @@
   template: src="archweb-memcached.service.j2" dest="/etc/systemd/system/archweb-memcached.service" owner=root group=root mode=0644
   notify:
     - Daemon reload
-  when: archweb_site|bool
+  when: archweb_site | bool
 
 - name: Install archweb rsync iso service and timer
   template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
@@ -220,11 +220,11 @@
     - archweb-rsync_iso.timer
   notify:
     - Daemon reload
-  when: archweb_site|bool
+  when: archweb_site | bool
 
 - name: Deploy archweb
   template: src=archweb.ini.j2 dest=/etc/uwsgi/vassals/archweb.ini owner=archweb group=http mode=0640
-  when: archweb_site|bool
+  when: archweb_site | bool
 
 - name: Deploy new release
   file: path=/etc/uwsgi/vassals/archweb.ini state=touch owner=archweb group=http mode=0640
@@ -240,7 +240,7 @@
   with_items:
     - archweb-memcached.service
     - archweb-rsync_iso.timer
-  when: archweb_site|bool
+  when: archweb_site | bool
 
 - name: Start and enable archweb reporead service
   service: name="archweb-reporead.service" enabled=yes state=started
@@ -288,7 +288,7 @@
 
 - name: Create retro dir
   file: state=directory owner=archweb group=archweb mode=0755 path="{{ archweb_retro_dir }}"
-  when: archweb_site|bool
+  when: archweb_site | bool
 
 - name: Clone archweb-retro repo
   git:
@@ -297,4 +297,4 @@
     version: "{{ archweb_retro_commit_hash }}"
   become: true
   become_user: archweb
-  when: archweb_site|bool
+  when: archweb_site | bool

roles/archwiki/meta/main.yml

+galaxy_info:
+  description: archwiki role
+  standalone: false
+
 dependencies:
   - role: nginx

roles/aurweb/templates/aurweb.service.j2

@@ -6,6 +6,7 @@ RuntimeDirectory={{ aurweb_prom_dir }}
 Environment=PROMETHEUS_MULTIPROC_DIR=/run/{{ aurweb_prom_dir }}
 User={{ aurweb_user }}
 WorkingDirectory={{ aurweb_dir }}
+LimitNOFILE=2048
 ExecStart=/usr/bin/poetry run gunicorn \
     --log-config {{ aurweb_dir }}/logging.conf \
     --bind {{ aurweb_asgi_bind }} \

roles/borg_server/tasks/main.yml

@@ -2,7 +2,7 @@
   pacman: name=borg state=present
 
 - name: Create borg user
-  user:
+  ansible.builtin.user:
     name: borg
     home: "{{ backup_dir }}"
 

roles/dbscripts/tasks/main.yml

@@ -39,7 +39,7 @@
     - nginx
 
 - name: Create Arch Linux-specific users
-  user:
+  ansible.builtin.user:
     name: "{{ item.key }}"
     group: users
     groups: "{{ item.value.groups | join(',') }}"

roles/geo_dns/meta/main.yml

+galaxy_info:
+  description: geo_dns role
+  standalone: false
+
 dependencies:
   - role: geoipupdate
     vars:

roles/gitlab_runner/files/libvirt-executor-update-base-image

@@ -32,7 +32,7 @@ arch-chroot mnt pacman-key --populate
 
 # shellcheck disable=SC2016
 printf 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' > mnt/etc/pacman.d/mirrorlist
-arch-chroot mnt systemctl disable reflector-init
+arch-chroot mnt systemctl disable reflector-init systemd-time-wait-sync
 arch-chroot mnt pacman -Sy --noconfirm --needed archlinux-keyring
 arch-chroot mnt pacman -Syu --noconfirm --needed git git-lfs gitlab-runner
 sed -E 's/^#(IgnorePkg *=)/\1 linux/' -i mnt/etc/pacman.conf

roles/hetzner_storagebox/tasks/main.yml

@@ -31,7 +31,7 @@
   register: tempfile
 
 - name: Fill tempfile
-  copy: content="{{ lookup('template', 'authorized_keys.j2') }}" dest="{{ tempfile.path }}" mode=preserve
+  template: src=authorized_keys.j2 dest={{ tempfile.path }} mode=preserve
   no_log: true
 
 - name: Upload authorized_keys for Arch DevOps
@@ -83,7 +83,7 @@
 
 - name: Update list of sub-accounts
   set_fact:
-    subaccounts: "{{ subaccounts + [item.json.subaccount | combine({'comment':item.invocation.module_args.body.comment})] }}"
+    subaccounts: "{{ subaccounts + [item.json.subaccount | combine({'comment': item.invocation.module_args.body.comment})] }}"
   loop: "{{ new_subaccounts_raw.results }}"
   loop_control:
     label: "{{ item.invocation.module_args.body.comment }}"

roles/hetzner_storagebox/tasks/upload_client_authorized_keys.yml

 - name: Fill tempfile
-  copy: content="{{ lookup('template', 'authorized_keys_client.j2') }}" dest="{{ tempfile.path }}" mode=preserve
+  template: src=authorized_keys_client.j2 dest={{ tempfile.path }} mode=preserve
   no_log: true
 
 - name: Upload authorized_keys file to {{ backup_dir }}/{{ item.item }}

roles/install_arch/tasks/main.yml

@@ -27,11 +27,11 @@
 
 - name: Partition and format the disks (btrfs RAID)
   command: mkfs.btrfs -f -L root -d {{ raid_level | default('raid1') }} -m {{ raid_level | default('raid1') }} -O no-holes {{ system_disks | map('regex_replace', '^(.*)$', '\g<1>p2' if 'nvme' in system_disks[0] else '\g<1>2') | join(' ') }}
-  when: filesystem == "btrfs" and system_disks|length >= 2
+  when: filesystem == "btrfs" and system_disks | length >= 2
 
 - name: Partition and format the disks (btrfs single)
   command: mkfs.btrfs -f -L root -d single -m single -O no-holes {{ system_disks[0] }}{{ 'p2' if 'nvme' in system_disks[0] else '2' }}
-  when: filesystem == "btrfs" and system_disks|length == 1
+  when: filesystem == "btrfs" and system_disks | length == 1
 
 - name: Mount the filesystem (btrfs)
   mount: src="{{ system_disks[0] }}{{ 'p2' if 'nvme' in system_disks[0] else '2' }}" path=/mnt state=mounted fstype=btrfs opts="compress-force=zstd,space_cache=v2"

roles/mailman3/defaults/main.yml

@@ -45,11 +45,17 @@ lists:
   arch-general:
     description: General Discussion about Arch Linux
     display_name: Arch-general
-    info: "This mailing list hosts general discusson about the Arch Linux distribution.  Questions, problems, and new development ideas can be posted here.\n\nYou must be subscribed to the list in order to post to it."
+    info: |
+      This mailing list hosts general discusson about the Arch Linux distribution.  Questions, problems, and new development ideas can be posted here.
+
+      You must be subscribed to the list in order to post to it.
   arch-mirrors-announce:
     description: List for mirror admins to send announcements (like downtime notifications) to our users
     display_name: Arch-mirrors-announce
-    info: "This list is intended for admins of Arch Linux mirrors that want to notify our users about downtime of their mirror.\r\n\r\nThis list also accepts mails from non-subscribers."
+    info: |
+      This list is intended for admins of Arch Linux mirrors that want to notify our users about downtime of their mirror.
+
+      This list also accepts mails from non-subscribers.
   arch-mirrors:
     description: Arch Linux Mirroring Discussion and Announcements
     display_name: Arch-mirrors
@@ -67,7 +73,12 @@ lists:
   arch-projects:
     description: Arch Linux projects development discussion
     display_name: Arch-projects
-    info: "Announcements, development discussion, patches and pull requests for the Arch Linux projects:<ul><li><a target=\"blank\" href=\"https://github.com/archlinux/archweb/\">archweb</a> (patches preferably on Github as pull requests)</li><li><a target=\"blank\" href=\"https://gitlab.archlinux.org/archlinux/arch-release-promotion/\">arch-release-promotion</a> (patches only on GitLab as merge requests)</li><li><a target=\"blank\" href=\"https://gitlab.archlinux.org/archlinux/dbscripts/\">dbscripts</a> (patches preferably on GitLab as merge requests)</li><li><a target=\"blank\" href=\"https://gitlab.archlinux.org/archlinux/devtools/\">devtools</a> (patches preferably on GitLab as merge requests)</li><li><a target=\"blank\" href=\"https://github.com/archlinux/mkinitcpio/\">mkinitcpio</a> (patches preferably on Github as pull requests)</li><li><a target=\"blank\" href=\"https://gitlab.archlinux.org/archlinux/namcap/\">namcap</a> (patches preferably on GitLab as merge requests)</li><li><a target=\"blank\" href=\"https://gitlab.archlinux.org/archlinux/netctl/\">netctl</a> (patches preferably on the mailing list)</li><li><a target=\"blank\" href=\"https://gitlab.archlinux.org/archlinux/pyalpm/\">pyalpm</a> (patches preferably on GitLab as merge requests)</li><li><a target=\"blank\" href=\"https://gitlab.archlinux.org/archlinux/repod/\">repod</a> (patches only on GitLab as merge requests)</li><li><a target=\"blank\" href=\"https://gitlab.archlinux.org/archlinux/shim-signed/\">shim-signed</a> (contributions preferably on GitLab as merge requests)</li></ul>\r\nPlease begin the email subject with the name of a project in square brackets (e.g. <code>[devtools]</code>). If no project matches, use <code>[projects]</code>.\r\n\r\nNote: No user discussion!"
+    info: |
+      Announcements, development discussion, patches and pull requests for the Arch Linux projects:<ul><li><a target="blank" href="https://github.com/archlinux/archweb/">archweb</a> (patches preferably on Github as pull requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/arch-release-promotion/">arch-release-promotion</a> (patches only on GitLab as merge requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/dbscripts/">dbscripts</a> (patches preferably on GitLab as merge requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/devtools/">devtools</a> (patches preferably on GitLab as merge requests)</li><li><a target="blank" href="https://github.com/archlinux/mkinitcpio/">mkinitcpio</a> (patches preferably on Github as pull requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/namcap/">namcap</a> (patches preferably on GitLab as merge requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/netctl/">netctl</a> (patches preferably on the mailing list)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/pyalpm/">pyalpm</a> (patches preferably on GitLab as merge requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/repod/">repod</a> (patches only on GitLab as merge requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/shim-signed/">shim-signed</a> (contributions preferably on GitLab as merge requests)</li></ul>
+
+      Please begin the email subject with the name of a project in square brackets (e.g. <code>[devtools]</code>). If no project matches, use <code>[projects]</code>.
+
+      Note: No user discussion!
   arch-releng:
     description: Arch Linux Release Engineering
     display_name: Arch-releng
@@ -85,12 +96,16 @@ lists:
   arch-wiki-admins:
     advertised: false
     archive_policy: private
+    default_nonmember_action: defer
     display_name: Arch-wiki-admins
     subscription_policy: confirm_then_moderate
   arch-women:
     description: Mailing list for the Arch Women project
     display_name: Arch-women
-    info: "<a href=\"https://archwomen.org/\">Arch Women</a> is an all inclusive organization of Arch Linux enthusiasts with a focus on helping more women become involved in the Arch Linux community and FOSS.\r\n\r\nMailing list graciously hosted by the Arch Linux™ project."
+    info: |
+      <a href="https://archwomen.org/">Arch Women</a> is an all inclusive organization of Arch Linux enthusiasts with a focus on helping more women become involved in the Arch Linux community and FOSS.
+
+      Mailing list graciously hosted by the Arch Linux™ project.
   aur-dev:
     description: Arch User Repository (AUR) Development
     display_name: Aur-dev

roles/mailman3/tasks/main.yml

@@ -69,7 +69,7 @@
     - mailman3-notify.timer
     - uwsgi@mailman\x2dweb.service
 
-- name: update list configurations
+- name: Update list configurations
   uri:
     url: http://localhost:8001/3.1/lists/{{ item }}.lists.archlinux.org/config
     user: "{{ vault_mailman_admin_user }}"

roles/maintenance/tasks/main.yml

@@ -6,7 +6,7 @@
 
 - name: Create the service http root dir
   file: path={{ maintenance_http_dir }}/{{ service_domain }} state=directory owner=root group=root mode=0755
-  when: maintenance is defined and maintenance|bool
+  when: maintenance is defined and maintenance | bool
 
 - name: Set up nginx maintenance mode
   template:
@@ -16,7 +16,7 @@
     group: root
     mode: 0644
   notify: Reload nginx
-  when: service_nginx_template is not defined and maintenance is defined and maintenance|bool
+  when: service_nginx_template is not defined and maintenance is defined and maintenance | bool
 
 - name: Set up custom nginx maintenance mode
   template:
@@ -26,7 +26,7 @@
     group: root
     mode: 0644
   notify: Reload nginx
-  when: service_nginx_template is defined and maintenance is defined and maintenance|bool
+  when: service_nginx_template is defined and maintenance is defined and maintenance | bool
 
 - name: Create the 503 html file
   template:
@@ -35,7 +35,7 @@
     owner: root
     group: root
     mode: 0644
-  when: maintenance is defined and maintenance|bool
+  when: maintenance is defined and maintenance | bool
 
 - name: Force reload nginx
   meta: flush_handlers

roles/matrix/tasks/main.yml

@@ -229,7 +229,7 @@
   notify:
     - Restart synapse
 
-- name: Install signing key
+- name: Install signing key  # noqa template-instead-of-copy
   copy:
     content: '{{ vault_matrix_secrets.signing_key }}'
     dest: /etc/synapse/{{ matrix_server_name }}.signing.key
@@ -237,7 +237,7 @@
     group: synapse
     mode: 0640
 
-- name: Install ircpass key
+- name: Install ircpass key  # noqa template-instead-of-copy
   copy:
     content: '{{ vault_matrix_secrets.ircpass_key }}'
     dest: /etc/synapse/{{ matrix_server_name }}.ircpass.key

roles/networking/tasks/main.yml

@@ -12,8 +12,8 @@
       copy: src=dns.conf dest={{ chroot_path }}/etc/systemd/network/10-static-ethernet.network.d/dns.conf owner=root group=root mode=0644
       notify:
         - Restart networkd
-      when: static_dns|default(true)
-  when: not dhcp|default(false)
+      when: static_dns | default(true)
+  when: not dhcp | default(false)
 
 - name: Configure network (dhcp)
   block:
@@ -29,8 +29,8 @@
       copy: src=dns.conf dest={{ chroot_path }}/etc/systemd/network/10-dhcp-ethernet.network.d/dns.conf owner=root group=root mode=0644
       notify:
         - Restart networkd
-      when: static_dns|default(false)
-  when: dhcp|default(false)
+      when: static_dns | default(false)
+  when: dhcp | default(false)
 
 - name: Create symlink to resolv.conf
   file: src=/run/systemd/resolve/stub-resolv.conf dest={{ chroot_path }}/etc/resolv.conf state=link force=yes follow=no owner=root group=root

roles/postfix_null/meta/main.yml

+galaxy_info:
+  description: postfix_null role
+  standalone: false
+
 dependencies:
   - role: postfwd
     delegate_to: mail.archlinux.org